Month: April 2006

….let’s try this again…Blognostication and saving things as drafts seems to have gotten the best of me and munged some previous versions of this post, my apologies – please reread for a slightly less confusing version. — In compiling results from the current revision of […]

This morning, on one of the malicious activity tracking lists that we subscribe to, someone asked about phishing stats for Q1 2006. I got curious, too, so I ran stats on the feed going into our Active Threat Feed (ATF) phishing policy, and came up […]

Every now and then, malicious or obfuscated JavaScript will appear on the radar, and this is how I’ve developed ways to determine what’s going on. The goals of malicious JavaScript are obvious: exploit a web browser vulnerability. The goals of obfuscated JavaScript are a bit […]

I recently wandered into Ann Arbor’s (and the first ever) Borders Books & Music store where I came upon a magazine titled “Skeptical Inquirer – The Magazine for Science and Reason.” At the bottom of the magazine cover, I read the text “Published by the […]

Dave Goldsmith had a great post earlier today which I would like to point out to anyone who hasn’t read it yet. With comments like, “I’m quite positive that when this vulnerability reached Sun Microsystems, someone’s head exploded”, I found his commentary very amusing. Even […]

I’ve been fingerprinting a lot of malicious servers the past couple of days and improving my approach. I focused on phishing servers because they represent a class of boxes I can interrogate in a few ways. Sure enough, when I run the original tests based […]

One of the things we’re doing in our work, and that will likely appear in our VBCon 06 paper, is understanding the distribution of OS’ per botnet command and control (c&c) server. I’ve been using a few tools to do this (it is in bulk…thousands […]

We’ve been tracking botnets for some time now; it’s a great way to directly monitor malicious activity. The graph above relates to a botnet I’m currently tracking. It’s seeing a lot of churn – something on the order of thousands of new IP addresses every […]

Q: What do you get when you cross PROTOS, Metasploit, SPIKE, tcpreplay, and ISIC, and then hardware-accelerate it? A: A slew of recently-launched “security analyzer” products — boxes designed to break just about anything on the network (including other security devices) by being the worst, […]

Greetings from Ann Arbor…I’m @ Rendez-Vous Cafe – right in the heart of Michigan’s central campus – having a cup of their delicious chocolate raspberry coffee (a must-try if ever you come up to A2). I returned last evening from Vancouver, still a bit over-whelmed […]


ASERT

Arbor’s Security Engineering & Response Team (ASERT) delivers world-class network security research and analysis for the benefit of today’s enterprise and network operators. ASERT engineers and researchers are part of an elite group of institutions that are referred to as ‘super remediators’ and represent the best in information security. ASERT has both visibility and remediation capabilities at nearly every tier one operator and a majority of service provider networks globally.

ASERT shares operationally viable intelligence with hundreds of international Computer Emergency Response Teams (CERTs) and with thousands of network operators via in-band security content feeds. ASERT also operates the world’s largest distributed honeynet, actively monitoring Internet threats around the clock and around the globe.

Arbor Networks has collaborated with Jigsaw (formerly Google Ideas) to create a data visualization that shows how Distributed Denial of Service (DDoS) attacks have become a global problem. The data is updated daily from Arbor’s global network of sensors and can be viewed at www.digitalattackmap.com